Sophos UTM: Decommissioning of obsolete URL categorization services CFFS. Click here for important info.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos filtered Email to M365 - Microsoft then removing legit emails as High Confidence Phish

We have many clients on Sophos filtering of email before delivery to m365

Yesterday we had several clients, where the email was "removed" (after delivery) from their inboxes and taken back to M365 quarantine as a "high confidence phish"

Essentially it was very much (all) the emails that contained a URL

I'm wondering if the Sophos modification of those URL's at the spam/virus filter end (safe links) prior to delivery, is upsetting "something" at M365 and what do we need to do to fix it?

This thread was automatically locked due to age.
Parents Reply
  • Hi Chris
    We determined its a new Microsoft "feature"
    We Disabled the Zero-Hour auto purge  (ZAP) "feature" in the 365 backend
    (Given Sophos has already seen the email and considered it's safe)
    Problem has gone away now
    Not entirely comfortable with that solution, but its working for us

No Data